Facebook regularly abuses the privacy of its users. Google no longer supports its popular RSS feeds. Apple has banned all iPhone apps that are political or sexual in nature. Microsoft may collaborate with some governments to spy on Skype calls, but we do not know which governments. Recently, both Twitter and LinkedIn have experienced security breaches that have affected the data of hundreds of thousands of users.

If you consider yourself a helpless villager in the power struggle of the “Aryka game”, you have thought correctly, more than you can imagine. These are not traditional companies, and we are not traditional customers. They are feudal lords and we are their subjects, peasants, and slaves.

Power in IT has also shifted in favor of two spectrums: cloud service providers and packaged platform vendors. This power shift has greatly affected many issues and deeply impacts security.

Traditionally, computer security was the responsibility of the user. Users would buy their own antivirus software and firewalls, and any flaws were their own negligence. This was, in a way, a foolish business practice. We usually assume that the products and services we buy are secure and reliable. But in IT (Information Technology), we have tolerated countless low-quality products and services, and by buying them, we have actually supported them.

Now that the IT industry has reached maturity, we expect to see automatic installation of more security measures on devices (out-of-the-box method). This has been made possible on a large scale by two technological trends: cloud computing and operating systems (platforms) controlled by vendors. The first means that most of our data is now stored on another network: Google Docs, Salesforce, Facebook, Gmail. The second means that our new internet devices are both locked and controlled by vendors, limiting our ability to configure them: iPhones, Chromebooks, Kindles, Blackberries. In the midst of this, our relationship with IT has changed. Previously, we used our computers for specific tasks, but now we also use vendor-controlled devices to go places; all of these places belong to someone else.

A new security model is being taken care of by someone else, without informing us of the details. I have no control over the security of my Gmail or my photos on Flickr. I cannot demand more security for the content I have presented on Prezi or the tasks listed on Trello, no matter how serious they may be. I cannot audit any of these cloud services. I cannot delete cookies on my iPad or ensure that my files have been securely deleted. My Kindle updates automatically without my knowledge or consent. I am only vaguely aware of the security on my Facebook, and I don’t even know what operating system they are using.

There are many good reasons why we have all flocked to these cloud services and vendor-controlled operating systems, and of course, their benefits are countless, from cost to ease, from reliability to their own security. However, this is inherently a feudal relationship. We entrust our data and computing operating systems to these companies and trust that they will treat us well and protect us from harm. Also, if we are completely loyal to them – if we allow them to control our emails, calendars, address books, photos, and everything else – we will also reap even more benefits. We become their subjects, or perhaps in the worst case, their slaves!

There are many feudal lords. Google and Apple are the most prominent, but Microsoft is trying to control both user data and the user’s operating system. Facebook is another lord that controls most of our social interactions on the internet. Other feudal lords are smaller and more specialized, such as Amazon, Yahoo, Verizon, etc. But their pattern is the same.

Undoubtedly, feudal security has its own benefits. These companies operate with much better security than average users. Many automatic backups store data after hardware failures, user errors, and malware vulnerabilities. Automatic updates also significantly increase security. This applies to small organizations as well; they are more secure than when they did this themselves. For large companies with dedicated IT security departments, these benefits may be less obvious. Undoubtedly, even large companies outsource important functions such as tax preparation and cleaning services, but they still have requirements for maintaining security, data retention, auditing, etc. which may not be possible with most feudal lords.

Feudal security also has its dangers. Sellers can make security mistakes and affect hundreds of thousands of people. Sellers can imprison people in relationships that are difficult to escape from and leave their data and problems behind. Sellers can act selfishly against our interests; Facebook regularly does this by changing people’s default settings, introducing new features, or changing its privacy policy. Many sellers give our data to governments without our knowledge or consent; they almost sell them for profit. This is not surprising, as companies are expected to act in their own interests, not the interests of their users.

The feudal relationship is inherently based on power. In medieval Europe, people would pledge loyalty to feudal lords in exchange for protection. These relationships changed as the lords realized they held all the power and could do as they pleased. The common people were exploited and taken advantage of, farmers were tied to their land, and became enslaved.

This popularity of internet lords and their widespread presence enables them to profit; government laws and regulations facilitate the preservation of their power. These lords compete with each other for profit and power. By spending time on their websites and giving them our personal information – whether through search engines, emails, status updates, likes, or simply our behavioral traits – we provide them with raw material for their battles. In this way, we are like slaves toiling on the feudal lands of lords. If you don’t believe it, try it out, see if you can take your information with you when you leave Facebook! When the war between superpowers rages, we suffer damage from both sides…

So how do we keep our souls safe? We have limited alternatives on a daily basis, but we also need to trust someone and decide who to trust and who not to trust, and then act accordingly. This is not easy; feudal lords deviate from their path to not be transparent about their actions, their safety, and everything else. Use whatever power you have – as an individual, it’s almost nothing, as big companies it’s more – to negotiate with your lords. And finally, do not be extreme in any way: not politically, not socially, not culturally. Yes, you can survive without having a closed source, but these are usually the edges that are influenced. I agree that it may not bring much peace, but it is still a bit of peace.

In the policy section, we have a work plan. In the short term, it is necessary to “circumvent”, meaning the ability to change our hardware, software, and data files, to still legally maintain the neutrality of the network. Both of these reduce the amount of profit that bosses can take from us, and increase the possibility of forcing their market to adopt a more benevolent approach; something we definitely do not want is for the government to spend resources on strengthening one business model and its priority over other forms and suffocating competition.

In the long term, we need to reduce the power imbalance. Feudalism in the Middle Ages transformed into more balanced relationships where lords had responsibilities alongside their rights. Internet feudalism today is both temporary and one-sided. We have no choice but to trust the lords, but in return, we receive very little assurance from them. Lords have great rights but limited responsibilities or restrictions. We must balance this relationship and government intervention is the only way to help us achieve this goal. In medieval Europe, the rise of centralized government and stable rule, which feudalism lacked, was provided. The Magna Carta (personal freedom) treaty obligated the government to accept responsibilities and empowered individuals to create a government for and by the people. We need a similar process to control internet lords and this is not something that market forces can provide. Power, in the true sense of the word, is changing and there are much larger issues than the internet and our relationships with technology providers.

Bruce Schneier is a world-renowned expert in digital security.